I have successfully configured Spring Boot Spring Security with Keycloak. Everything works fine. In order to log in, I use the following URL: http://localhost:8081/realms/MY_REALM_NAME

But when I try to access the following page: http://localhost:8080/login I see the following page:


I'd like to disable/remove this page. How to properly configure it with Spring Security?

UPDATED

My SpringSecurity configuration:

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(securedEnabled = true)
    public class SecurityConfiguration extends VaadinWebSecurityConfigurerAdapter {

        private final ClientRegistrationRepository clientRegistrationRepository;
        private final GrantedAuthoritiesMapper authoritiesMapper;
        private final ProfileService profileService;

        SecurityConfiguration(ClientRegistrationRepository clientRegistrationRepository,
                              GrantedAuthoritiesMapper authoritiesMapper, ProfileService profileService) {
            this.clientRegistrationRepository = clientRegistrationRepository;
            this.authoritiesMapper = authoritiesMapper;
            this.profileService = profileService;
            SecurityContextHolder.setStrategyName(VaadinAwareSecurityContextHolderStrategy.class.getName());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            super.configure(http);
            http
                    // Enable OAuth2 login
                    .oauth2Login(oauth2Login ->
                            oauth2Login
                                    .clientRegistrationRepository(clientRegistrationRepository)
                                    .userInfoEndpoint(userInfoEndpoint ->
                                            userInfoEndpoint
                                                    // Use a custom authorities mapper to get the roles from the identity provider into the Authentication token
                                                    .userAuthoritiesMapper(authoritiesMapper)
                                    )
                                    // Use a Vaadin aware authentication success handler
                                    .successHandler(new KeycloakVaadinAuthenticationSuccessHandler(profileService))
                    )
                    // Configure logout
                    .logout(logout ->
                            logout
                                    // Enable OIDC logout (requires that we use the 'openid' scope when authenticating)
                                    .logoutSuccessHandler(logoutSuccessHandler())
                                    // When CSRF is enabled, the logout URL normally requires a POST request with the CSRF
                                    // token attached. This makes it difficult to perform a logout from within a Vaadin
                                    // application (since Vaadin uses its own CSRF tokens). By changing the logout endpoint
                                    // to accept GET requests, we can redirect to the logout URL from within Vaadin.
                                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
                    );
        }

        @Bean
        @Primary
        public SpringViewAccessChecker springViewAccessChecker(AccessAnnotationChecker accessAnnotationChecker) {
            return new KeycloakSpringViewAccessChecker(accessAnnotationChecker, "/oauth2/authorization/keycloak");
        }

        private OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler() {
            var logoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
            logoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}");
            return logoutSuccessHandler;
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            super.configure(web);
            // Don't apply security rules on our static pages
            web.ignoring().antMatchers("/session-expired");
        }

        @Bean
        public PolicyFactory htmlSanitizer() {
            // This is the policy we will be using to sanitize HTML input
            return Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.STYLES).and(Sanitizers.LINKS);
        }

    }

alexanoid
  • check this post [https://stackoverflow.com/questions/49583373/how-to-change-login-url-in-spring-security](https://stackoverflow.com/questions/49583373/how-to-change-login-url-in-spring-security) – jSckons Oct 20 '22 at 19:35
  • I'm sorry, maybe I didn't read the mentioned post carefully, but I don't see the answer to my question there – alexanoid Oct 20 '22 at 19:50
  • Hi, Spring Boot Security can be set up in a bunch of different ways. The link provided by another user tells you how to set up the URL for the login page. This is important since if any user tries to access a protected resource on your page, they will be redirected to it. Can you share with us your project structure and your Spring Security configurations so we can help you? – Òscar Raya Oct 20 '22 at 23:25
  • Thanks for your answer. I added my `SecurityConfiguration` to the question – alexanoid Oct 21 '22 at 00:03

1 Answer

Have you tried the formLogin().disable() method?

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
            //your config here
            .and().formLogin().disable();
    }
  • Unfortunately, yes. I added the following line at the end of the config -`.formLogin().disable();` but it didn't help – alexanoid Oct 21 '22 at 09:33
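
An added example, not part of the original posts: with `oauth2Login` enabled, Spring Security generates the `/login` page for the OAuth2 client links on its own, independent of `formLogin()`, and setting a custom `loginPage` on `oauth2Login` is what switches that generated page off. The class name `NoDefaultLoginPageConfig` is hypothetical, the registration id `keycloak` is taken from the path in the question's configuration, and a plain `SecurityFilterChain` bean is used here in place of the Vaadin adapter so the snippet stands alone.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class NoDefaultLoginPageConfig { // hypothetical class name

    // Authorization endpoint of the "keycloak" client registration
    // (assumed id, matching the path used in the question's configuration).
    private static final String KEYCLOAK_LOGIN = "/oauth2/authorization/keycloak";

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Every request needs an authenticated user.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(oauth2 -> oauth2
                // A custom login page tells the OAuth2 login configurer not to
                // enable DefaultLoginPageGeneratingFilter, so nothing is rendered
                // at /login. Unauthenticated requests are redirected directly to
                // the Keycloak authorization endpoint instead.
                .loginPage(KEYCLOAK_LOGIN));
        // formLogin().disable() is not needed: form login is not what
        // produces the generated page in an oauth2Login setup.
        return http.build();
    }
}
```

In the question's adapter-based class the equivalent change is a single `.loginPage("/oauth2/authorization/keycloak")` call inside the existing `oauth2Login(...)` lambda.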